Aug 132011
 

It is often the case that people are reluctant to apply operating system patches to servers for two core reasons :-

  1. Applying patches often means an interruption to service, and arranging an appropriate outage can sometimes be difficult.
  2. There is a risk in applying patches that they may break something that previously worked.

Both concerns are legitimate, but what is less often observed is that an unpatched server may appear to be working but to an extent is already broken – the patches are released to fix broken servers.

If we look at car maintenance, we are used to the idea that we take our cars for preventative maintenance – it is called a service. Almost everyone with a new car will routinely take it along at regular intervals for a service to reduce the risk that it will break unexpectedly. Those with older cars frequently accept that their car will unexpected break and they will have to cope with that when it occurs.

Or in other words we apply preventative maintenance to cars, deliberately taking them out of service (you can’t use a car when it is in the garage getting services) so as to exchange a scheduled period of unavailability for reducing the risk of an unexpected unavailability.

It should be the same for operating system patches.